Multilateral Cybersecurity Group Ready to Sign Up Nations
GENEVA -- Countries are in talks to join a multilateral initiative aimed at fighting global cyberterrorism, cyberwarfare and other online threats by better linking experts, governments and Computer Emergency Response Teams, officials said at a technical demonstration last week at the ITU. The International Multilateral Partnership Against Cyber-Threats aims “to build a value proposition for countries to our services,” said IMPACT Chairman Mohd Noor Amin.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Other global organizations are doing the same task, but not on a global basis, Amin said. North Atlantic Treaty Organization activities are confined to NATO countries, he said, and Asia-Pacific Economic Cooperation initiatives are confined to APEC countries. Other initiatives in Europe, the Association of Southeast Asian Nations and the Organization of American States are likewise confined, he said.
Counties with no protection become safe havens for criminals and an online menace, Amin said. Many of the command and control botnets and servers used for cybercriminal payments are in small countries with very little regulation and protection, he said. IMPACT wants to partner with governments, major security vendors, Interpol and certain experts, said IMPACT technical consultant Mitthiran Raman.
“The Global Response Center is meant to be a coordinated body” to mitigate and prevent cyberterrorism, said Raman, the center’s architect. IMPACT has a center for training and skills development, research and development, global response and policy coordination, Raman said. An Electronically Secure Collaboration Application for Experts has social networking links to experts, he said. A July upgrade will add incident logging, Raman said. Many CERTs supported the idea of going beyond ticket-based systems already in place, he said. The cross-CERT compliant upgrade will look for relevant people to address the problem, Raman said. The system will use VoIP, instant messaging or chat tools to connect the parties in real time, he said. Vulnerability information could then be disseminated to all CERTS, Raman said. Case management for cyber-attacks could be routed through law enforcement or other governmental authorities, he said.
The Network Early Warning System uses scraped data from certain places in the network, Raman said. NEWS uses a data surveillance concept for creating an early warning system, he said. IMPACT is working with 18 commercial security vendors to get data, Raman said, and the number is expected to rise to at least 30. A “mash-up engine” aggregates real-time data into an anonymous feed, he said. Scraped data from command and control servers is also provided by Shadow Server Foundation, SRI International’s Malware Threat Center, Arbor Networks’ ATLAS, Honeynet Project and SANS Institute’s Internet storm center, Raman said. The next phase will be gathering data from Kaspersky’s secure network, Semantec’s Deep Site network, Global Intelligence Network and F-Secure, Raman said.
Most attack-marker sources pointed to China one day last week, a demonstration of the system showed. About 939,000 incidents of malicious probing had been logged during the day’s aggregated feed, Raman said. Indications of the threat were corroborated by the various feeds reporting similar data, he said. Data on other threat categories is aggregated from different sources, Raman said. Secunia provides a vulnerabilities list, he said.
Security vendors will provide operating system and application vulnerabilities, Raman said. Lists of viruses, spyware and phishing come from different specialized sources, he said. Countries can also submit malware samples for automatic analysis and possible information distribution within IMPACT’s membership, Raman said. Anti-virus vendors liked the idea of getting information from the submission facility, he said.
Access to IMPACT’s information isn’t yet defined, Raman said. None of the countries are yet onboard, he said. Nations are still in talks with IMPACT, with registration likely to begin in June or July after data center construction and testing are finished, Raman said.
IMPACT was formed “quite independently” of the ITU, Amin said. IMPACT’s four focus areas match recommendations in the ITU Global Cybersecurity Agenda, which was prompted by the World Summit on the Information Society. ITU Secretary- General Hamadoun Toure felt IMPACT could be the operations center for the GCA, Amin said, referring to more than 100 experts’ group recommendations. Malaysia incubated IMPACT with $13 million, Amin said. The organization is “supposed to be self sufficient” afterward, he said.
An International Advisory Board meeting is tentatively planned for the third quarter, Amin said. Board members include Google’s Vint Cerf, Eugene Kaspersky of Kaspersky Lab, former White House cybersecurity advisor Howard Schmidt, Symantec Chairman John Tompson, Mikko Hypponen of F-Secure, Toure and others, the IMPACT Web site said.